This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl  vulnerabilities in their environments.

Security teams don’t have to swing into crisis mode to address the recently fixed vulnerabilities in the command-line tool curl and the libcurl library, but that doesn't mean they don't have to worry about identifying and remediating impacted systems. If the systems are not immediately exploitable, security teams have some time to make those updates.

This Tech Tip aggregates guidance on what security teams need to do to ensure they aren't at risk.

A foundational networking tool for Unix and Linux systems, cURL is used in command lines and scripts to transfer data. Its prevalence is due to the fact that it is used as both a standalone utility (curl) as well as a library that is included in many different types of applications (libcurl). The libcurl library, which allows developers to access curl APIs from their own code, can be introduced directly into the code, used as a dependency, used as part of an operating system bundle, included as part of a Docker container, or installed on a Kubernetes cluster node.

**What Is CVE-2023-38545?**

The high severity vulnerability affects curl and libcurl versions 7.69.0 to 8.3.0, and the low severity vulnerability impacts libcurl versions 7.9.1 to 8.3.0. However, the vulnerabilities cannot be exploited under default conditions. An attacker trying to trigger the vulnerability would need to point curl at a malicious server under the attacker’s control, make sure curl is using a SOCKS5 proxy using proxy-resolver mode, configure curl to automatically follow redirects, and set the buffer size to a smaller size.

According to Yair Mizrahi, a senior security researcher at JFrog, the libcurl library is vulnerable only if the following environment variables are set: _CURLOPT\_PROXYTYPE_  set to type _CURLPROXY\_SOCKS5\_HOSTNAME_; or _CURLOPT\_PROXY_ or _CURLOPT\_PRE\_PROXY_  set to scheme _socks5h://_. The library is also vulnerable if one of the proxy environment variables is set to use the _socks5h://_ scheme. The command-line tool is vulnerable only if it is executed with the _\-socks5-hostname_ flag, or with _\--proxy_ (-x) or _\--preproxy_ set to use the scheme _socks5h://_. It is also vulnerable if curl is executed with the affected environment variables.

“The set of pre-conditions needed in order for a machine to be vulnerable (see previous section) is more restrictive than initially believed. Therefore, we believe the vast majority of curl users won’t be affected by this vulnerability,” Mizrahi wrote in the analysis.

**Scan the Environment for Vulnerable Systems**

The first thing organizations need to do is to scope their environments to identify all systems using curl and libcurl to assess whether those preconditions exist. Organizations should inventory their systems and evaluate their software delivery processes using software composition analysis tools for code, scanning containers, and application security posture management utilities, notes Alex Ilgayev, head of security research at Cycode. Even though the vulnerability does not affect every implementation of curl, it would be easier to identify the impacted systems if the team starts with a list of potential locations to look.

The following commands identify which versions of curl are installed:

_Linux/MacOS:_

_find / -name curl 2>/dev/null -exec echo "Found: {}" \\; -exec {} --version \\;_

_Windows:_

_Get-ChildItem -Path C:\\ -Recurse -ErrorAction SilentlyContinue -Filter curl.exe | ForEach-Object { Write-Host "Found: $($\_.FullName)"; & $\_.FullName --version }_

GitHub has a query to run in Defender for Endpoint to identify all devices in the environment that have curl installed or use curl. Qualys has published its rules for using its platform.

Organizations using Docker containers or other container technologies should also scan the images for vulnerable versions. A sizable number of rebuilds are expected, particularly in docker images and similar entities that incorporate liburl copies. Docker has pulled together a list of instructions on assessing all images.

_To find existing repositories:_

_docker scout repo enable --org <org-name> <org-name>/scout-demo_

_To analyze local container images:_

_docker scout policy \[IMAGE\] --org \[ORG\]_

This issue highlights the importance of keeping meticulous track of all open source software being used in an organization, according to Henrik Plate, a security researcher at Endor Labs.

“Knowing about all the uses of curl and libcurl is the prerequisite for assessing the actual risk and taking remediation actions, be it patching curl, restricting access to affected systems from untrusted networks, or implementing other countermeasures,” Plate said.

If the application comes with a software bill of materials, that would be a good place to start looking for instances of curl, adds John Gallagher, vice president of Viakoo Labs.

Just because the flaws are not exploitable doesn’t mean the updates are not necessary. Patches are available directly for curl and libcurl, and many of the operating systems (Debian, Ubuntu, Red Hat, etc.) have also pushed fixed versions. Keep an eye out for security updates from other applications, as libcurl is a library used by many operating systems and applications.

One workaround until the updates can be deployed is to force curl to use local hostname resolving when connecting to a SOCKS5 proxy, according to JFrog’s Mizrahi. This syntax uses the socks5 scheme and not socks5h: _curl -x socks5://someproxy.com_. In the library, replace the environment variable _CURLPROXY\_SOCKS5\_HOSTNAME_ with _CURLPROXY\_SOCKS5_.

According to Benjamin Marr, a security engineer at Intruder,  security teams should be monitoring curl flags for excessive large strings, as that would indicate the system had been compromised. The flags are _\--socks5-hostname_, or _\--proxy_ or _\--preproxy_ set to use the scheme _socks5h://_.

How to Scan Your Environment for Vulnerable Versions of Curl

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2023-43789: cve-details

Red Hat Security Advisory 2023-5628-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5628.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2023:5628-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5628  
Issue date:         2023-10-10  
Revision:           01  
CVE Names:          CVE-2023-1095  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)

* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)

* kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head (CVE-2023-1095)

* kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* avoid unnecessary page fault retires on shared memory types (BZ#2221102)

* [Hyper-V][RHEL-8] Fix VM crash/hang Issues due to fast VF add/remove events (BZ#2227261)

* kernel-devel RPM cross-compiled by CKI contains host-arch scripts (BZ#2232139)

* iavf: hang in iavf_remove() - SNO node hangs after running systemctl reboot (BZ#2232405)

* netfilter: RHEL 8.8 phase 2 backports from upstream (BZ#2236818)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-1095

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2023-5628-01

Red Hat Security Advisory 2023-5627-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and use-after-free vulnerabilities.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5627.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security, bug fix, and enhancement update  
Advisory ID:        RHSA-2023:5627-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5627  
Issue date:         2023-10-10  
Revision:           01  
CVE Names:          CVE-2020-36558  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)

* kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)

* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

* kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)

* kernel: LoadPin bypass via dm-verity table reload (CVE-2022-2503)

* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)

* kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice (CVE-2022-36879)

* kernel: use-after-free due to race condition in qdisc_graft() (CVE-2023-0590)

* kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head (CVE-2023-1095)

* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [HPEMC RHEL 8 REGRESSION] acpi-cpufreq: Skip initialization if a cpufreq driver exists (BZ#2186307)

* [max] RHEL8.4 Pre-Alpha - [ 4.18.0-240.4.el8.dt2.ppc64le ][ fleetwood / P9 64TB/192c ] While performing DLPAR CPU operations \"BUG: arch topology borken\" messages are observed and CPU remove operation fails for removal of 140 with 255 return (BZ#2210295)

* [Intel 8.8 BUG] [SPR] IOMMU: QAT Device Address Translation Issue with Invalidation Completion Ordering (BZ#2221098)

* avoid unnecessary page fault retires on shared memory types (BZ#2221101)

* [i40e] error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0: Resource temporarily unavailable (BZ#2228164)

* oops on cifs_mount due to null tcon (BZ#2229129)

* kernel panic due to stack overflow on ppc64le due to deep call chain. (BZ#2230268)

* [Hyper-V][RHEL 8]incomplete fc_transport implementation in storvsc causes null dereference in fc_timed_out() (BZ#2230744)

* Withdrawal: GFS2: couldn't freeze filesystem: -16 (BZ#2231826)

* [RHEL 8][Hyper-V]Excessive hv_storvsc driver logging with srb_status  SRB_STATUS_INTERNAL_ERROR  (0x30) (BZ#2231989)

* kernel-devel RPM cross-compiled by CKI contains host-arch scripts (BZ#2232138)

* RHEL-8: crypto: rng - Fix lock imbalance in crypto_del_rng (BZ#2232216)

* [Intel 8.9] iavf: Driver Update (BZ#2232400)

* Important iavf bug fixes July 2023 (BZ#2232401)

* iavf: hang in iavf_remove() - SNO node hangs after running systemctl reboot (BZ#2232404)

* [RHEL 8.9] Proactively backport locking fixes from upstream (BZ#2235394)

* NAT sport clash in OCP causing 1 second TCP connection establishment delay. (BZ#2236515)

* xfs: mount fails when device file name is long (BZ#2236814)

* netfilter: RHEL 8.8 phase 2 backports from upstream (BZ#2236817)

* swap deadlock when attempt to charge a page to a cgroup stalls waiting on I/O plugged on another task in swap code (BZ#2237686)

Enhancement(s):

* [Intel 8.7 FEAT] TSC: Avoid clock watchdog when not needed (BZ#2216051)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2020-36558

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2023-5627-01

Red Hat Security Advisory 2023-5622-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory leak, privilege escalation, and use-after-free vulnerabilities.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5622.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2023:5622-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5622  
Issue date:         2023-10-10  
Revision:           01  
CVE Names:          CVE-2023-3609  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

* kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)

* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Low memory deadlock with md devices and external (imsm) metadata handling (BZ#1703180)

* cifs: memory leak in smb2_query_symlink (BZ#2166706)

* bnxt_en: panic in bnxt_tx_int Redux (BZ#2175062)

* NFS client loop in BIND_CONN_TO_SESSION (BZ#2219604)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-3609

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2023-5622-01

Red Hat Security Advisory 2023-5621-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5621.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel-rt security and bug fix updateAdvisory ID:        RHSA-2023:5621-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5621Issue date:         2023-10-10Revision:           01CVE Names:          CVE-2023-3609====================================================================Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es):* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)* kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* kernel-rt: update to the latest RHEL7.9.z26 source tree (BZ#2232239)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3609References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2023-5621-01

Red Hat Security Advisory 2023-5616-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5616.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-reportlab security updateAdvisory ID:        RHSA-2023:5616-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5616Issue date:         2023-10-10Revision:           01CVE Names:          CVE-2019-19450====================================================================Summary: An update for python-reportlab is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python-reportlab is a library used for generation of PDF documents.Security Fix(es):* python-reportlab: code injection in paraparser.py allows code execution (CVE-2019-19450)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2019-19450References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2023-5616-01

Red Hat Security Advisory 2023-5615-01 - The libssh2 packages provide a library that implements the SSH2 protocol.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5615.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libssh2 security updateAdvisory ID:        RHSA-2023:5615-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5615Issue date:         2023-10-10Revision:           01CVE Names:          CVE-2020-22218====================================================================Summary: An update for libssh2 is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libssh2 packages provide a library that implements the SSH2 protocol.Security Fix(es):* libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-22218References:https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2023-5615-01

Red Hat Security Advisory 2023-5610-01 - The GNU tar program can save multiple files in an archive and restore files from an archive. Issues addressed include a buffer overflow vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5610.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: tar security updateAdvisory ID:        RHSA-2023:5610-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5610Issue date:         2023-10-10Revision:           01CVE Names:          CVE-2022-48303====================================================================Summary: An update for tar is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The GNU tar program can save multiple files in an archive and restore files from an archive.Security Fix(es):* tar: heap buffer overflow at from_header() in list.c via specially crafted checksum (CVE-2022-48303)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48303References:https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2023-5610-01

Red Hat Security Advisory 2023-5607-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include an information leakage vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5607.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive. Going forward, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: linux-firmware security and enhancement updateAdvisory ID:        RHSA-2023:5607-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5607Issue date:         2023-10-10Revision:           01CVE Names:          CVE-2023-20593====================================================================Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The linux-firmware packages contain all of the firmware files that are required by various devices to operate.Security Fix(es):* hw: amd: Cross-Process Information Leak (CVE-2023-20593)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Enhancement(s):* [Intel 9.0.z] Intel QAT Update - firmware for QAT (BZ#2168390)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-20593References:https://access.redhat.com/security/updates/classification/#moderate

Tag

#red_hat